Vulnerabilities > Tryton > Tryton > 3.0.2

DATE CVE VULNERABILITY TITLE RISK
2018-04-12 CVE-2014-6633 Command Injection vulnerability in Tryton
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.
network
low complexity
tryton CWE-77
critical
 9.0
9.0
2017-04-04 CVE-2017-0360 Improper Privilege Management vulnerability in Tryton
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack.
network
high complexity
tryton CWE-269
5.3
5.3
2016-09-07 CVE-2016-1242 Information Exposure vulnerability in Tryton
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
network
low complexity
tryton CWE-200
4.0
4.0
2016-09-07 CVE-2016-1241 Information Exposure vulnerability in Tryton
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
network
tryton CWE-200
3.5
3.5